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NATIONAL SECURITY AGENCY 
CENTRAL SECURITY SERVICE 

FORT GEORGE G. MEAOE. MARYLAND 20T55-6000 

a 29 February 2007 


t— This date is 
incorrect and 
should read 29 
February 2008. 

MEMORANDUM FOR THE ASSISTANT TO THE SECRETARY OF DEFENSE 
(INTELLIGENCE OVERSIGHT) 

SUBJECT: (U//FOUO) Required Actions for the C-Y 2007 Intelligence Oversight Report to 
Congress - INFORMATION MEMORANDUM 

(U/ TOUOr In accordance with your memorandum of 15 November 2007, the enclosed 
consolidation ot the National Security Agency’s Quarterly Reports to the President’s Intelligence 
Oversight Board for calendar year 2007 is provided to assist the Secretary of Defense in 
preparation of his Annual Report to Congress. 


is 

GEORGE ELLARD 
Inspector General 

(b)(3J-P.L. 86-36 



Enel: 

Annual Report 


This document may be declassified 

and marked “UNCLASSIFiEDZ /For Offic i al 

Approved for Release bv NSA on 12-19-2014, FOIA Case # 70809 (Litigation) 

Derived From: NSA/CSSM 1-52 
Dated: 20070108 
Declassify On: 20320108 
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1. (UtfFOUO) Intelligence, counterintelligence, and intelligence-related activities 
that violate law, regulation, or policy substantiated during the quarter, as well as 
any actions taken as a result of the violations. 

(li) Intelligence Activities j£j _ P _ L _ 86 _ 36 

(TS//SI//REL TO USA, FVEY) Unintentional collection against United States (U.S.) 
persons. On I I occasions Signals Intelligence (SIGINT) analysts inadvertently 
collected communications to, from, or about U. S. persons while pursuing foreign 
intelligence tasking were reported in calendar year 2007. 


(TS//SI//REL TO UP A. 


(b) (31-P.Lj 
(b) (3)-50 


86-36 
3C 3024(i) 


(S//SI//REL TO USA, FVEY) There were I linstances of unintentional collection 
resulting from poorly constructed database quer ies, and two incidents resulting from 
human error. In one case, the analyst neglectedl | 

1 and in the 

other a typing mistake was made. (1) 

|b) (3)-P.L. 86-36 

(S//EI//REL TO UOA, FVEY) On| |occasions, targets initially thought to be 
legitimate and foreign were found to hold U.S. citizenship or permanent resident 
status after they had been tasked for collection. 

W/SI//REL TO UOA, FVEY.t O n [~| occasions, | ~~| 

the United Sta tes. Another target] | 

|b o the United States. 


(TS//SI//NF) 
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(b)(1) 

(b)(3)-P.L. 86-36 
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Action Taken. The selectors for the affected collection 


were detasked from selection management systems used to manage and task 
selectors on collection system ^ ~l Unintentionally intercepted electronic 

mail and voice communications were deleted. Data was removed from data storage 
systems. Corrective actions were taken to lessen the risk of recurrence included 


additional training and education and changes to internal controls and software. 


(b)(1) 

(b)(3)-P.L. 86-36 



"t3r/3T//RCL TO U SA, PVEV) Unintentional dissemination of U.S. identities. During 
this quarter. | I SIGINT products were cancelled because they contained the 
identities of U.S. persons, organizations, or entities. In all instances, the reports 
were either n ot reis sued or were reissued with the proper minimization. 

Additionally, □u.s. identities were released without proper authority as a result 
of tips , analysis of events, or being included in a briefing slide. The data for the 

I lvioiations was recalled, cleared from computer hard drives, and destroyed. 

. .-.:W) ,i, . Mid 

h ' , .p , m (3,1-50 USC 3024(1) 

■/ |b)13T ^ 86 36 (KKoNp.l. 86-36 


Protect Ameri 


This risk reduction measure 


.ncj dents 


in the United States. In 


_____ _instances, as \ 

required by the PAA, collection was suspended immediately until the target left the 
Unite d States. In one instance, analysts noted the target’s presence in the United 
States] 

resulting in detasking delays and in unauthorized collection. Corrective actions 
have been taken to les sen th e risk of recurrence, including changes to internal 
control procedures. In | [ instances, unauthorized collection occurred when the 

targets were later found to be in the United States. < b > (i > 


(T9//0I//NF) foreign Intelligence Surveillance Act (FISA) collection. There were 
FISA collection incidents in calendar year 2007. Causes for the inadvertent 


collection include: 


queries were deleted, cell phone numbers were removed from the tasking 


atabase, and intercepts were destroyed 



(b)(1) 

(b)(3)-18 USC 798 
(b)(3)-P.L. 86-36 
(b)(3)-50 USC 3024(i) 
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(b)(1) 

(b)(3)-P.L. 86-36 


(TB//G1//NF) FiSA dissemination. |_ J published reports were cancelled because 

they contained the identi ties of U.S. persons, organizations, or entities. 
Additionally, there were l ~1 instances of improper dissemination of unevaluated, 
unminimized SIGINT derived from court-approved collection. In t he first instance. 
an analyst sent unmin imized NSA FISA-derived communications t(£ 


J analysts without proper authorization. The same clay, 


shared the information with 


Jubsequently destroy ed th e improperly disseminated material, 


analysts were instructed to delete the communications. In the second incident, 
unevaluated, unminimized S IGINT derived from court-approved collect ion was 
imp roperly dissemin ated to e j I The same 

day 1- 

and[ ... ._ 

which contained the identificatio ns of| |U.S. entities. In the thir d instance, an 86 - 3 6 

analyst forwarded FISA data to a | I site. which was 

not authorized to receive such data. | [ personnel discovered the mistake and 
destroyed all the data. 


(U) Counterintelligence Activities 


(b)(31-P.L. 86-36 


(U) Nothing to report. 


(U) Intelligence-related Activities 


(S//SI//REL TO USA. FVE¥f 



1(b)(1) 

S)(3)-P.L. 


)(3)-P.L. 86-36 


A request to target the 
communicant overseas was submitted to the Office of the Attorney General. 


(b)(7)(E) 
OGA 


(TS//SI//RE L TO USA, FVE ¥fNSA Texas inappropriately targeted a U.S. person 
based on an | 

Upon recognition of the mistake, the telephone numbers were detasked. The next 
day, analysts determined that detasking had not taken place and took measures to 
detask the numbers. 

(U/ /FOUO) Qn | H occasions, SIGINT analysts accessed SIGINT in databases to 
which they improperly retained access from previous assignments. Their accounts 

'(b) (1) 

(b)(3)-P.L. 86-36 
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were disabled and they received remedial training concerning the proper use of 
databases. 


(U) Misuse of the U.S. SIGiNT System 


(0//01//NPT While teaching a class on analyzing communication networks, the 
instructor purposely entered the phone number of his friend, who was neither a U . 
person nor living in the United States. | | 

| The instructor 

was counseled on the restrictions on NSA authorities and was mandated to attend 
training on USSID SP0018, which he completed in July 2007. 


(S//DI//NF) A SIGI NT analyst conducted database queries at the request and with 
the permission ofa | ..1 

3 The analyst targeted the | 

in a SIGINT database. No information was developed and no reports were 
issued. /ibim 


(TO//GI//REL TO USA, PVEY j _(intercepted the 

communications of an unidentified individual calling a targeted telephone. Based on 
the content of the call, NSA analysts !" I do not believe this is a 

random te lephone call, but rather a misuse of govern ment information by a witting 
individual ! | This matter was reported to 

the Department of Defense General Counsel for an investigative determination. The 
incident has not violated U.S. person privacy rights but is reported because of the 
mi suse of the U.S. SIGINT System. 


Inspections 


(U//FOUO) During 2007, the Office of Inspector General (OIG) reviewed various 
intelligence activities of the National Security Agency/Central Security Service 
(NSA/CSS) to determine whether they were conducted in accordance with applicable 
statutes, Executive Orders, Attorney General procedures, and Department of 
Defense and internal directives. With few exceptions, the issues presented from the 
five inspections were routine and indicated that the operating elements understand 
the restrictions on NSA/CSS activities. The NSA/CSS OIG will track inspection 
corrective actions. 


4 
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(IJ7/FOUO) NS A/CSS Georgia. NSA/CSS Georgia has made significant 
improvements in its intelligence oversight program. The program management 
function was transferred to the operations staff from the security directorate. 
NSA/CSS Georgia has implemented a process to track intelligence oversight training 
for newly arrived employees by using computer account creation information. 
Advanced intelligence oversight training on United States Signals Intelligence 
Directive SIG1NT Policy 0018 (USSID SP0018) and the FISA was created for 
operations watch officers to provide more in-depth information and training on 
application of the authorities. Personnel within operational areas, especially high- 
risk mission areas, are well versed in the intelligence oversight authorities. 


(U/ /POB O - ) [ 


The[ 


(b)(3)-P.L. 86-36 


intelligence over sight tra ining program suffered from a lack of oversight. Only a 
small number of | 1 employees had completed the required intelligence oversight 
training in the last 2 years. Employees are aware of their reporting responsibilities, 
and incidents are reported in a timely manner. 


(b)(1) 

(b)(3)-P.L. 86-36 


(U//TO) |1 I I is 

diligently working to improve its Intelligence Oversight program, but procedures fall 
short of the minimum required to ensure that all employees receive required 
intelligence oversight training. Training is not managed effectively or efficiently, 
and there are no internal controls ensure training compliance. Although the 
understanding of NSA authorities in relation to collection, minimization, and 
dissemination was noted as poor, no intelligence oversight-related concerns were 
noted within operations. 

.... (l) 

.(b)(3)-P.L. 86-36 


(31-50 USC 3024(i) 


(u/ / p euo) [ _ _ \ intelli gence Oversight Program 

Management is degraded by weaknesses in th e! Ipersonnel database and the 
process used to ensure that all personnel with 


3 Intelli gence Oversight Program 


receive intelligence oversight training before they are exposed to operational 
or classified information. Additionally, although training is conducted as required 
by the DoD Regulation 5240.1-R and NSA/CSS Policy 1-23, more emphasis is needed 
on USSID SP0018 and National Telecommunications and Information Systems 
Security Directive 600 standards. There were no intelligence oversight concerns 
noted within mission operations. 

_(1) 

.-.(0(3)-p.l. 86-36 


(8//8I//REL TO USA, FVEY)| ~ ] Intelligence Oversight is hampered 

b y the a bsence of clearly delineated roles and responsibilities for the [ 


~\ Intelligence Oversight Program Manager and organizational points of 


TOP SFPRFT'- l CQiVli>;T. ' / NQrORNY/20320100 
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)(3)-P.L. 86-36 

contact. The organization lacks documented processes and procedures for timely 
reporting intelligence oversight incidents and violations, and there are no 
documented procedures for tracking intelligence oversight training; therefore, 
accounting for per sonnel who require the training is incomplete. Additionally, 

_ i _is not complying with intelligence oversig ht measures detailed in a 

Agreement with t he SIGINT Director regarding ! 

^ .ib) (1) 

(b)(31-P.L. 86-36 

3. (U) Substantive Changes to the NSA/CSS Intelligence Oversight Program. 


fS//0I//NF* Practicing due diligence . NSA has improved internal controls to reduce 
the risk of unauthorized collection. [ 


(b)(1) 

(b)(3)-P.L. 86 

4. (U) Changes to NSA/CSS published directives or policies concerning 
intelligence, counterintelligence, or intelligence-related activities and the reason 
for the changes. 


(U) Nothing to report. 


5. (U) Procedures governing the activities of Department of Defense (DoD) 
intelligence components that affect U.S. persons (DoD Directive 5240.1-R, 
Procedure 15) Inquiries or Matters Related to Intelligence Oversight Programs. 


(U) Intelligence Oversight Special Studies 

(U/ /FOU O »r I Th e NSA OIG conducted a f b) 1 

study on I I that r eceive raw SIGINT. 

The objectives of the review were to determine whether selected f I 

have the proper authorization to access raw SIGINT, have been provided guidance 
on its proper handling and use, and have adhered to applicable intelligence oversight 
authorities. 

(IJ//F0UGtSignals Intelligence Directorate (SID) documentation, g uidance, and 
intelligence oversight rela ted to the sharing of raw SIGINT with the["~ I 


-36 

3024(1) 


)-P.L. 86-36 


TOP S EC ft LnV/COM INT.'/hiOFORN . ' V20.120108 
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../' (b) (3J-P.L. 86-36 

I visited is inadequate. The internal controls within SID to oversee 
SIGLNT enabling work performed at the I ~1 visited were not effective, 

efficient, or measurable. Many SID and [ employees were not 

cognizant of required intelligence oversight training and related oversight 
procedures. The NSA OIG will track the deficiencies and oversee corrective action. 

.. (i) 



, :fb) (3)-P.L. 86-36 

(TG//QI//NF)| 
determine w 

| A review was completed to 

hetherNSA| 


1 The review 

did not find a pattern o 
misstatements by NSA 

errors, exaggeration of facts, or any intentional 


(T3//8I//REL ' TQ"tJgA, FVEY) 



(b)(3)-50 USC 3024(1) 


(IJ //FOU Ot[ 


|b)l3)-P.L. 


86-36 


(C//NF) Retention of Domestic Communications Collected Under FISA 
Surveillances. While conducting collection operations authorized under the FISA of 
1978, as amended, NSA incidentally collects domestic communications, subject to 
retention limitations. Although NSA information systems can be programmed to 
facilitate compliance with retention limitations, the SID is not fully using 
information system capabilities to do so. The OIG did not detect major instances of 
domestic communications in conflict with minimization procedures; however, we 
determined that the risk is high for noncompliance. The OIG found that appropriate 
training on ho w data repository system capabilities can aid analysts to comp ly with 
retention rules | | The 


TOP SCCRnT7COMlNT;.N ; OrORN-72032Q 100 
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OIG also found that developing an FBI-Compatible Dissemination System could 
lower NSA’s risk of noncompliance. 


(U) intelligence Oversight Investigation 


(U//FOUO) The NSA OIG Chief of Intelligence Oversight and the OIG Ombudsman 
completed an inquiry into a complaint of improper intelligence collection at. a field 
site. The allegations were not substantiated. 
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